CVE-2022-0735

CRITICAL NUCLEI

GitLab CE/EE <14.6.5-14.8.2 - Info Disclosure

Title source: llm

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands.

Nuclei Templates (1)

GitLab CE/EE - Information Disclosure

CRITICALby GitLab Red Team

Shodan: http.title:"GitLab" || cpe:"cpe:2.3:a:gitlab:gitlab" || http.title:"gitlab"

FOFA: title="gitlab"

References (2)

[Broken Link] https://gitlab.com/gitlab-org/gitlab/-/issues/353529

[Vendor Advisory] https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0735.json

Scores

CVSS v3 10.0

EPSS 0.5738

EPSS Percentile 98.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

Status published

Products (1)

gitlab/gitlab 12.0 - 14.6.5 (2 CPE variants)

Published Mar 28, 2022

Tracked Since Feb 18, 2026